I'm trying to POST an XML file (OWASP ZAP Report) to an external service (OWASP Defect Dojo), using a shared Jenkins library. A curl-command (see below) for POST-ing the XML file works fine. But I have a hard time translating that into Jenkins' Http Request plugin, so we can include it in a reusable Jenkins shared library.
This results in the following response:
Response Code: HTTP/1.1 400 Bad Request
Response:
{"detail":"Multipart form parse error - Invalid boundary in multipart: None"}
Is this a bug or am I missing something?
curl command:
curl -X 'POST' \
'http::8080/api/v2/import-scan/' \
-H 'accept: application/json' \
-H 'Content-Type: multipart/form-data' \
-H 'X-CSRFToken: ' \
-H 'Authorization: Token ' \
-F 'scan_date=2023-11-20' \
-F 'minimum_severity=Info' \
-F 'active=true' \
-F 'verified=true' \
-F 'scan_type=ZAP Scan' \
-F 'file=@zapreport.xml;type=text/xml' \
-F 'product_name=Test project' \
-F 'engagement_name=Test engagement' \
-F 'close_old_findings=false' \
-F 'close_old_findings_product_scope=false' \
-F 'push_to_jira=false' \
-F 'create_finding_groups_for_all_findings=true'
Jenkins Groovy code:
ResponseContentSupplier response = steps.httpRequest url: "${env.DEFECT_DOJO_HOST_URL}${api}",
acceptType: 'APPLICATION_JSON',
contentType: 'APPLICATION_FORM_DATA',
httpMode: 'POST',
uploadFile: 'zapreport.xml',
multipartName: 'zapreport.xml',
customHeaders: customHeadersDummy(authHeader, headers), // Includes auth-token
formData: [[body: '''{
"product_name": "Dummy project",
"engagement_name": "Dummy Engagement",
"scan_date": "2023-11-20",
"minimum_severity": "Info",
"active": "true",
"verified": "true",
"scan_type": "ZAP Scan",
"close_old_findings": "false",
"close_old_findings_product_scope": "false",
"push_to_jira": "false",
"create_finding_groups_for_all_findings": "true"
}''',
contentType: 'text/xml',
fileName: 'zapreport.xml',
name: 'zapreport.xml',
uploadFile: 'zapreport.xml']],
consoleLogResponseBody: true,
responseHandle: 'NONE',
timeout: null
wrapAsMultipart: false
Originally reported by
brampat, imported from: Http Request plugin Multipart form does not set boundaries for multipart
- assignee:
janario
- status: Open
- priority: Blocker
- component(s): http-request-plugin
- resolution: Unresolved
- votes: 0
- watchers: 8
- imported: 20260702-081740
Raw content of original issue
I'm trying to POST an XML file (OWASP ZAP Report) to an external service (OWASP Defect Dojo), using a shared Jenkins library. A curl-command (see below) for POST-ing the XML file works fine. But I have a hard time translating that into Jenkins' Http Request plugin, so we can include it in a reusable Jenkins shared library.
This results in the following response:
Response Code: HTTP/1.1 400 Bad Request
Response:
{"detail":"Multipart form parse error - Invalid boundary in multipart: None"}
Is this a bug or am I missing something?
curl command:
curl -X 'POST' \
'http:<server>:8080/api/v2/import-scan/' \
-H 'accept: application/json' \
-H 'Content-Type: multipart/form-data' \
-H 'X-CSRFToken: <token>' \
-H 'Authorization: Token <token>' \
-F 'scan_date=2023-11-20' \
-F 'minimum_severity=Info' \
-F 'active=true' \
-F 'verified=true' \
-F 'scan_type=ZAP Scan' \
-F 'file=@zapreport.xml;type=text/xml' \
-F 'product_name=Test project' \
-F 'engagement_name=Test engagement' \
-F 'close_old_findings=false' \
-F 'close_old_findings_product_scope=false' \
-F 'push_to_jira=false' \
-F 'create_finding_groups_for_all_findings=true'
Jenkins Groovy code:
ResponseContentSupplier response = steps.httpRequest url: "${env.DEFECT_DOJO_HOST_URL}${api}",
acceptType: 'APPLICATION_JSON',
contentType: 'APPLICATION_FORM_DATA',
httpMode: 'POST',
uploadFile: 'zapreport.xml',
multipartName: 'zapreport.xml',
customHeaders: customHeadersDummy(authHeader, headers), // Includes auth-token
formData: [[body: '''{
"product_name": "Dummy project",
"engagement_name": "Dummy Engagement",
"scan_date": "2023-11-20",
"minimum_severity": "Info",
"active": "true",
"verified": "true",
"scan_type": "ZAP Scan",
"close_old_findings": "false",
"close_old_findings_product_scope": "false",
"push_to_jira": "false",
"create_finding_groups_for_all_findings": "true"
}''',
contentType: 'text/xml',
fileName: 'zapreport.xml',
name: 'zapreport.xml',
uploadFile: 'zapreport.xml']],
consoleLogResponseBody: true,
responseHandle: 'NONE',
timeout: null
wrapAsMultipart: false
- environment:
Jenkins 2.393
I'm trying to POST an XML file (OWASP ZAP Report) to an external service (OWASP Defect Dojo), using a shared Jenkins library. A curl-command (see below) for POST-ing the XML file works fine. But I have a hard time translating that into Jenkins' Http Request plugin, so we can include it in a reusable Jenkins shared library.
This results in the following response:
Response Code: HTTP/1.1 400 Bad Request Response: {"detail":"Multipart form parse error - Invalid boundary in multipart: None"}Is this a bug or am I missing something?
curl command:
Jenkins Groovy code:
Originally reported by
brampat, imported from: Http Request plugin Multipart form does not set boundaries for multipart
Raw content of original issue
Jenkins 2.393